Skip to main content
HR 1636 108th Congress House Commerce Administrative procedure Administrative remedies Civil Rights and Liberties, Minority Issues Commercial arbitration Computer networks Computer security measures Computer software Congress Congressional investigations Congressional reporting requirements Consumer complaints Consumer education Consumer protection Crime and Law Enforcement Criminal statistics Data banks Electronic commerce Federal Trade Commission Federal preemption

Consumer Privacy Protection Act of 2003

Introduced: April 3, 2003 See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 3 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Apr 24, 2003
Referred to the Subcommittee on Commerce, Trade and Consumer Protection.
Apr 3, 2003
Referred to the Committee on Energy and Commerce, and in addition to the Committee on International Relations, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Apr 3, 2003
Introduced in House
 Plain-English summary Congressional Research Service

Consumer Privacy Protection Act of 2003 - Requires data collection organizations, under specified conditions, to notify consumers: (1) at the time of collection that their personally identifiable information may be used for an unrelated transaction purpose; and (2) of any material change in the organization's privacy policy statement immediately after each change.

Requires such organizations to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information.

Requires an organization to provide consumers, without charge, the opportunity to preclude the sale or disclosure of their information to any organization that is not an information-sharing partner. Prescribes requirements for opportunities an organization may give consumers to limit other information practices of the organization.

Directs an organization to prepare and implement an information security policy that prevents the unauthorized disclosure or release of a consumer's information.

Requires the Federal Trade Commission (FTC) to presume that an organization is in compliance with this Act if it participates in an approved five-year self-regulatory program. Prescribes requirements for a self-regulatory consumer dispute resolution process.

Directs the FTC to: (1) facilitate electronic and promote the use of common identity theft affidavits; (2) require the timely resolution of identity theft disputes; (3) utilize the Identity Theft Clearinghouse to transmit information to appropriate entities for protective action and to mitigate losses; and (4) provide change of address protection for consumers.

Requires: (1) the Comptroller General to analyze the impact on U.S. interstate and foreign commerce of information privacy laws, regulations, or agreements enacted, promulgated, or adopted by other nations, and whether the enforcement mechanisms or procedures of them result in discriminatory treatment of U.S. entities; and (2) the Secretary of Commerce, based on such results, to take steps to mitigate against such discriminatory impact.

Directs the Secretary to seek harmonization of this Act with other international privacy laws, regulations, and agreements for the advancement of transnational and electronic commerce.

What's happening now April 24, 2003

Referred to the Subcommittee on Commerce, Trade and Consumer Protection.

 Committees of jurisdiction 3
 Cosponsors 1
All 1 Democratic 1